apiserver: make InClusterConfig errs for delegated authn/z non-fatal

This commit is contained in:
Dr. Stefan Schimanski 2018-09-05 09:12:19 +02:00
parent 059fce63b7
commit 04e793e65a
2 changed files with 10 additions and 4 deletions

View File

@ -364,9 +364,12 @@ func (s *DelegatingAuthenticationOptions) getClient() (kubernetes.Interface, err
clientConfig, err = loader.ClientConfig() clientConfig, err = loader.ClientConfig()
} else { } else {
// without the remote kubeconfig file, try to use the in-cluster config. Most addon API servers will // without the remote kubeconfig file, try to use the in-cluster config. Most addon API servers will
// use this path // use this path. If it is optional, ignore errors.
clientConfig, err = rest.InClusterConfig() clientConfig, err = rest.InClusterConfig()
if err == rest.ErrNotInCluster && s.RemoteKubeConfigFileOptional { if err != nil && s.RemoteKubeConfigFileOptional {
if err != rest.ErrNotInCluster {
glog.Warningf("failed to read in-cluster kubeconfig for delegated authentication: %v", err)
}
return nil, nil return nil, nil
} }
} }

View File

@ -151,9 +151,12 @@ func (s *DelegatingAuthorizationOptions) getClient() (kubernetes.Interface, erro
clientConfig, err = loader.ClientConfig() clientConfig, err = loader.ClientConfig()
} else { } else {
// without the remote kubeconfig file, try to use the in-cluster config. Most addon API servers will // without the remote kubeconfig file, try to use the in-cluster config. Most addon API servers will
// use this path // use this path. If it is optional, ignore errors.
clientConfig, err = rest.InClusterConfig() clientConfig, err = rest.InClusterConfig()
if err == rest.ErrNotInCluster && s.RemoteKubeConfigFileOptional { if err != nil && s.RemoteKubeConfigFileOptional {
if err != rest.ErrNotInCluster {
glog.Warningf("failed to read in-cluster kubeconfig for delegated authorization: %v", err)
}
return nil, nil return nil, nil
} }
} }